The Twitter and YouTube channels of the US Military Central Command have been suspended after they were taken over by hackers affiliated to ISIS.
According to Washington Post, data was released which did not come from Centcom’s server or social media sites and was already publicly available online. However, the hackers had control long enough to post tweets stating “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK”.
The first rogue tweet on Monday was posted about 12:30 p.m. and the account was not suspended for about another 40 minutes. The background and profile photo of the Twitter account were both changed to show an apparent militant and the phrases “CyberCaliphate” and “i love you isis”.
The Centcom YouTube page was also hacked, with two Islamic State propaganda videos added to the page and the same “CyberCaliphate” banner posted. The YouTube account was eventually “terminated due to repeated or severe violations” of YouTube’s guidelines, the website said. Central Command also maintains Facebook accounts, but it appears they were not affected.
Centcom oversees the US military campaign against the Islamic State in Iraq and Syria, and frequently posts videos of airstrikes on the same accounts. A Centcom spokesman confirmed their accounts were “compromised”, and said later that the accounts have been taken offline while the incident is investigated more.
“CENTCOM’s operation military networks were not compromised and there was no operational impact to U.S. Central Command,” a military statement said. “CENTCOM will restore service to its Twitter and YouTube accounts as quickly as possible. We are viewing this purely as a case of cyber vandalism.”
Ken Westin, senior security analyst at Tripwire: “The compromise of both the Central Command Twitter and YouTube accounts is an escalation that should cause concern for the US Government. The fact they were able to compromise the accounts should force the Government to re-evaluate their security policies when it comes to social media. Google and Twitter both provide two-factor authentication, it would be interesting to know if this was deployed on these accounts, if not it would show a serious lapse in security.
“Even if military systems and devices have not been compromised, the objectives of the Cyber Caliphate are still achieved thanks to the media frenzy that the compromise and data posted generates.”
Lance Cottrell, chief scientist at Ntrepid, said: “The message this sends is that official accounts on non-official platforms are highly vulnerable. For example, in 2013 false information on an AP hacked social media account claiming there were explosions at Whitehouse caused a market flash crash.
“There was clear potential for similar harm from this kind of attack, but it was not taken advantage of. And this is unlikely to do any massive harm because there are so many other sources of information to correct it.”